Compliance with employment law: employer obligations

Compliance with employment law represents a major challenge for all French businesses, regardless of size. Between mandatory notices, contract drafting, personal data management and legal document archiving, the regulatory framework continues to expand. In 2026, digital transformation imposes additional requirements: how to dematerialise without losing compliance? This article guides you through the main employer obligations, associated legal risks, and concrete solutions to secure your HR practices daily.

The legal foundations of employer compliance

The Labour Code: pillar of legal obligation

The French Labour Code constitutes the central reference for any employer established in France. It sets rules relating to working hours, paid leave, minimum wage (SMIC set at 11.88 €/hour gross as of 1 January 2026), contract termination conditions, and union rights. An employer must not only know these provisions, but be able to prove their effective application in the company at any time.

Several documentary obligations structure this compliance: maintaining a unique personnel register (art. L.1221-13), providing detailed pay slips to each employee (art. L.3243-1), and concluding a written employment contract for fixed-term contracts (art. L.1242-12) and part-time contracts (art. L.3123-6). For permanent contracts, the law has imposed, since the transposition of European Directive 2019/1152 (known as "Transparent Working Conditions"), written information on the essential elements of the employment relationship within seven days of hire.

Collective agreements and company agreements

Beyond the Labour Code, the employer must comply with the provisions of the collective agreement applicable to its sector of activity. These texts may provide more favourable conditions than the law regarding minimum wages, notice periods, bonuses or working hours. In the event of dispute, labour courts systematically verify compliance with these agreements. Failure to comply with a collective agreement constitutes fault capable of engaging the employer's civil liability.

Company agreements negotiated with employee representatives (CSE) supplement this framework. Since the 2017 Macron ordinances, their scope has been considerably expanded, particularly on working time, variable remuneration and teleworking issues.

Documentary obligations and mandatory notices

Documents to be posted in the workplace

The employer is required to post a set of mandatory information in its premises, under penalty of administrative fines. Among the main required notices are:

• The address and contact details of the territorially competent labour inspectorate

• Collective working hours and rest schedules

• Legal and regulatory texts relating to gender equality in the workplace

• Contact details of the occupational health physician and occupational health service

• Smoking and vaping prohibition in premises

• The applicable collective agreement (or its title with an indication of where it can be consulted)

Since 2023, certain notices can be posted electronically, provided all employees have access to them from their workstation. This change opens the way to progressive digitalisation of information obligations.

Management and retention of HR documents

The retention of social documents follows specific timeframes. Employment contracts must be retained for five years after the end of the contractual relationship (statute of limitations for wage claims). Pay slips, since the 2016 El Khomri Act, must be retained indefinitely when dematerialised on a digital safe conforming to electronic signature standards. Documents relating to social contributions must be retained for three years.

The stakes are considerable: according to a Deloitte study published in 2024, nearly 38% of labour disputes are aggravated by the employer's inability to produce original contractual documents within the prescribed timeframes.

Dematerialisation of employment contracts: issues and compliance

The legal framework for electronic signatures in employment law

Since Ordinance No. 2016-131 of 10 February 2016 reforming contract law, electronic signature is legally equivalent to handwritten signature provided it meets the requirements of Article 1367 of the Civil Code. With regard to employment contracts, the General Directorate of Labour (DGT) confirmed in its 2017 circular that permanent contracts, fixed-term contracts and amendments can be signed electronically, provided the signatory is reliably identified and the integrity of the document is ensured.

Regulation eIDAS No. 910/2014 defines three levels of signature: simple, advanced and qualified. For the vast majority of HR documents (employment contracts, amendments, contract termination documents), advanced electronic signature offers a sufficient level of security and is recognised by courts. For certain specific acts such as approved consensual termination or collective agreements, particular attention must be paid to the level of signature required. Businesses wishing to digitalise their HR processes can rely on the dedicated HR solution from Certyneo, compliant with eIDAS regulation and CNIL requirements.

The operational benefits of HR dematerialisation

Electronic signature of HR documents generates substantial gains. According to the 2025 IDC report on digital transformation of support functions, companies that have dematerialised their contract signature process reduce the average return time of signed contracts by 75% (from 8 to 2 days) and reduce printing, mailing and archiving costs by approximately €60 per contract. For an SME of 50 employees carrying out an average of 25 hires per year, annual savings exceed €1,500, not counting time savings for staff.

The enhanced traceability provided by a qualified electronic signature solution also constitutes a strong argument in case of dispute: each step of the signature process is time-stamped and logged, creating an irrefutable audit trail. To precisely assess the return on investment of your dematerialisation project, the Certyneo ROI calculator allows you to obtain a personalised estimate in a few minutes.

Protection of employee personal data (GDPR)

Employer obligations as data controller

The employer is a data controller under the GDPR (General Data Protection Regulation, No. 2016/679) for all personal data collected on its employees. To this end, it must:

• Maintain a record of processing activities (art. 30 GDPR)

• Inform employees of data collection and use (art. 13-14 GDPR)

• Implement technical and organisational measures guaranteeing data security

• Designate a data protection officer (DPO) if processing requires it

• Carry out an impact assessment (DPIA) for high-risk processing

The CNIL recalled in its 2024 guidance that employee monitoring (geolocation, e-mail control, biometric clocking) is subject to strict conditions of proportionality and must be preceded by information to employee representatives.

Sensitive data and enhanced vigilance

Certain categories of data collected in the context of the employment relationship are considered "sensitive" within the meaning of Article 9 of the GDPR: health data (sick leave, medical restrictions from the occupational health physician), data relating to trade union or political affiliation, biometric data. Their processing is prohibited except for strictly defined exceptions and requires, in any case, enhanced safeguards.

Breach of these obligations exposes the employer to administrative penalties of up to 4% of global annual turnover or €20 million. In 2025, the CNIL imposed 135 penalties, including several targeting employers for failings in HR data management.

Prevention of occupational risks and single risk assessment document

The DUERP: a central obligation

The Single Risk Assessment Document for Occupational Health and Safety (DUERP) is mandatory for any employer, from the first employee (art. L.4121-3 of the Labour Code). It must identify all risks to the health and safety to which employees are exposed, and be updated at least annually, as well as whenever there is a significant change in working conditions or following any workplace accident.

Since Act No. 2021-1018 of 2 August 2021 (known as the "Occupational Health Act"), the DUERP must be deposited on a dedicated digital portal managed by employer organisations. The employer must retain successive versions of the document for at least 40 years. Non-compliance with this obligation is punished by a Class 5 infringement (fine of up to €1,500 per employee).

Training and information of employees

The employer has a general safety obligation towards its employees, recognised by case law under the term "contractual safety obligation of result" (Cass. soc., 28 February 2002, Asbestos). This obligation implies in particular providing safety training upon hire, when changing position or following a workplace accident. Records of this training must be retained and may be requested during a labour inspectorate inspection.

Dematerialised management of these training documents — notifications, certificates, attendance records — fits naturally into an overall HR digitalisation approach. The HR contract templates and documents available on Certyneo allow you to automate the production and signature of these documents in full regulatory compliance.

Legal framework applicable to employer compliance

Compliance with employment law is based on a dense legal corpus, articulating national law and European regulation.

French Labour Code: It constitutes the primary source of employer obligations. Its provisions relating to the conclusion and performance of the employment contract (Book II, first part), working hours (Book I, third part), health and safety (fourth part) and employee representative bodies (second part, Book III) are binding on every private employer.

Civil Code — Articles 1366 and 1367: These provisions, arising from Ordinance No. 2016-131, establish the principle of equivalence between handwritten and electronic signature. Article 1366 states that "electronic writing has the same probative force as writing on paper". Article 1367 makes the validity of the electronic signature subject to reliable identification of the signatory and the integrity of the signed document.

Regulation eIDAS No. 910/2014: This European regulation, directly applicable in France, defines the three levels of electronic signature (simple, advanced, qualified) and establishes the conditions for their mutual recognition between Member States. The revised version eIDAS 2.0 (EU Regulation 2024/1183, which came into force in May 2024) strengthens requirements for trust service providers and introduces the European digital identity wallet (EUDIW). ETSI standards EN 319 132 and EN 319 122 define the technical formats for conforming signatures (XAdES, CAdES, PAdES).

GDPR No. 2016/679: The processing of employee personal data is subject to the GDPR. The employer must in particular respect the principles of data minimisation, limitation of retention period and integrity/confidentiality (art. 5). In the event of a personal data breach, it has 72 hours to notify the CNIL (art. 33).

NIS2 Directive (2022/2555), transposed into French law by the Act of 26 September 2025: it extends cybersecurity obligations to a broad spectrum of entities, including digital service providers used by employers for document management and electronic signature. Employers using SaaS tools must ensure their providers comply with NIS2 requirements.

Legal risks and penalties: Non-compliance with Labour Code obligations exposes the employer to labour court rulings (wage arrears, damages), administrative fines imposed by the labour inspectorate, and in the most serious cases, criminal proceedings (undeclared work, moral or sexual harassment). Use of an electronic signature solution not compliant with eIDAS may result in the nullity of signed documents and deprive the employer of any valid evidence in case of dispute.

Use cases: dematerialised HR compliance in practice

An industrial SME of 80 employees facing contract return delays

An SME in the metalwork sector, employing 80 employees and frequently using seasonal fixed-term contracts, faced a recurring problem: contracts sent by post to candidates were returned signed with an average delay of 9 days, sometimes after the assignment had begun. This situation exposed the company to a risk of reclassification of fixed-term contracts as permanent contracts, due to lack of a signed contract before starting work (art. L.1242-13 of the Labour Code).

By deploying an advanced electronic signature solution integrated with its HRIS, the company reduced this delay to less than 4 hours on average. The rate of return of contracts before the first day of work rose from 62% to 99%, virtually eliminating the risk of reclassification. The gain in HR time was estimated at 3.5 hours per week, equivalent to approximately €18,000 in annual salary costs reallocated to higher value-added tasks.

A multi-site distribution group managing several hundred amendments annually

A distribution group operating some twenty retail outlets in France had to manage more than 400 amendments to employment contracts each year (changes to schedules, transitions to part-time, individual increases). The manual process involved back-and-forth between site managers, head office and employees, generating average validation delays of 12 days and an error rate (unsigned or poorly archived amendments) exceeding 15%.

After migration to a SaaS electronic signature platform compliant with eIDAS with automated workflows, the average time to sign amendments fell to 48 hours. The archiving error rate was reduced to less than 1%, and the company now has a complete time-stamped audit trail for each document, which allowed it to win a labour dispute by instantly producing proof of signature at a hearing.

A consulting firm in strong growth adapting its practices to the GDPR

A strategy consulting firm of about fifty employees, in strong growth, collected and stored sensitive HR data (personal information sheets, identification documents, bank details, medical information related to sick leave) in unsecured shared folders. Following a GDPR audit ordered by its external DPO, several critical non-conformities were identified: lack of formalised legal basis for certain processing, non-compliance with retention periods, absence of encryption of data at rest.

The firm restructured its document architecture around an electronic document management platform (EDM) coupled with a certified electronic signature solution, enabling end-to-end encryption and fine-grained access rights management. A processing register was updated and retention policies automated. This compliance initiative avoided CNIL proceedings and reassured institutional clients requiring contractual guarantees on data security.

Conclusion

Compliance with employment law is an ongoing exercise that engages the civil, criminal and administrative liability of any employer. From properly formalised employment contracts to the protection of employee personal data, including risk prevention and mandatory notices, each obligation requires rigorous organisation and suitable tools.

The dematerialisation of HR processes — provided it is carried out in compliance with eIDAS regulation and the GDPR — is today the most effective lever for reconciling legal compliance with operational efficiency. It reduces delays, strengthens traceability and secures evidence in case of dispute.

Certyneo supports employers in this transition with a 100% compliant electronic signature solution, integrable with your existing HR tools. Create your free account on Certyneo and dematerialise your first employment contracts in full compliance today.